Collection #1 Data Dump the “Tip of the Iceberg”

A recently discovered trove of breached data is just a small part of a major 871GB haul up for sale on the dark web which could contain billions of records, according to experts.

The 87GB Collection #1 dump was first publicized late last week when noted researcher Troy Hunt was alerted to the files hosted on a popular cloud site. After cleaning up the data he found it contained nearly 773 million unique email addresses and over 21 million “dehashed” passwords.

It has since emerged that this data is two to three years old, gathered from multiple sources, and that the same seller, dubbed ‘Sanixer’ on Telegram, has much more recently obtained data to sell.

Authentication security vendor Authlogics claims to have the data from Collections #2, 3, 4, and 5 in its possession and is loading it into its breached password database.

It estimates the new trove of data comes to roughly 784GB, nine times the size of Collection #1, and could contain over seven billion records in its raw state.

In fact, Sanixer may have even more breached and leaked data to sell: the cyber-criminal told researcher Brian Krebs that taken together, all the other packages they have up for sale are less than a year old and total over 4TB in size.

These include one dubbed “ANTIPUBLIC #1” and another titled “AP MYR&ZABUGOR #2.”

The bottom line is that users need to invest in password managers to store and support long-and-strong unique credentials for all the main sites/accounts they have online, and to opt for multi-factor authentication where it’s available.

One security vendor warned in its 2019 predictions report at the end of last year that credential stuffing tools would become increasingly popular among the black hat community as they look to monetize troves of breached data.

“Because of the volume of data breaches in the past years and the likelihood that cyber-criminals will find a lot of users recycling passwords across several websites, we believe that we will see a surge in fraudulent transactions using credentials obtained by cyber-criminals from data breaches,” Trend Micro claimed.

“Cyber-criminals will use breached credentials to acquire real-world advantages such as registering in mileage and rewards programs to steal the benefits. They will also use these accounts to register trolls on social media for cyber-propaganda, manipulate consumer portals by posting fake reviews, or add fake votes to community-based polls — the applications are endless.”